Risk Management
The WHY | HOW | WHEN
| RISK Management complements the project from Start to End |
Risk Management is an ongoing process of monitoring and adjusting defined mitigations, towards the project progress!
The Risk Management Circle
Risk Management (RM) is a process that involves every department. Every team member is responsible to follow and assess the projects risk in a continuous basis.
RM starts when Sales identifies an opportunity and ends with project closing!
RM is a continuous process that needs continuous attention during the entire Project LC.
It needs a plan, discipline and attention.
Risk Management is a TEAM effort!
The Project Manager OWNs the Risk Management process and is ultimately responsible to enforce defined mitigation & corrective actions.
Consequences Neglecting Risk Management
Two Example Studies
Quick Study: Ship Unloading System
A European supplier specializing in design—but not manufacturing—sold a Ship Unloading System to the U.S. In an effort to cut costs under management pressure, they selected a new steel supplier from Asia, despite having no prior experience with them. The supplier was located on the other side of the world, and neither their team nor the seller’s team conducted thorough due diligence on quality control.
After the steel structure was shipped and the system fully installed, a critical issue surfaced during startup. The supervisor noticed several welds of poor quality and immediately ordered a comprehensive inspection. The results were alarming—significant defects were found throughout the structure. One inspector later remarked that the company was incredibly lucky the structure hadn’t collapsed.
Though no one was injured, the consequences could have been catastrophic. The entire structure required extensive repairs and partial replacement, leading to multi-million-dollar losses for the supplier.
This disaster could have been entirely avoided with a proper Risk Management Process in place!
Quick Study: Civil Engineering
A European supplier, through a sub-supplier, sold steel grain silos for installation at a site in Africa. However, collaboration between the building and foundation general contractor (GC) and the suppliers proved challenging. Details got neglected either through misunderstanding or Mgt. decisions - in the aftermath, nobody knows exactly. Instead of conducting a detailed site-specific soil analysis, the GC designed the foundation based on assumptions from a nearby facility they had previously worked on, expecting similar soil conditions.
Once installed, the customer began filling the silos—comparable in size to those at the neighboring facility—and production commenced. Within weeks, the production team noticed the silos were no longer level. An investigation revealed that one side of the concrete slab had sunk, creating a dangerous imbalance. Fortunately, no one was injured, but the instability could have led to a catastrophic silo collapse.
The root cause was traced to unexpected differences in underground conditions compared to the nearby facility. Some speculated that uneven filling during startup may have worsened the issue. However, this costly and avoidable failure underscores the importance of a proper risk management process to ensure site-specific foundation design and prevent such structural failures.
Risk Management begins at Opportunity stage and ends at Project Closing!
Implement a strong Risk Management Process for your project in x steps!
From a Equipment Supplier's Perspective:
At Opportunity (Quoting) stage:
It is highly recommended to conduct an S&Q Risk Check before preparing and submitting a major quote to the customer.
In fact, we advise against approving the preparation of a quote (e.g., generating a quote number) until the S&Q Risk Check is completed.
If you use an ERP system, you can establish a rule requiring the Risk Check before the system grants access to the quoting tool. In smaller companies, this can be managed through a structured process.
A template with key questions for this stage is available in the Risk Management Package, and the HOM documents also address this.
The Risk Check at the Opportunity Level serves two main purposes:
Identify potential risks that could impact the project scope and pricing.
Determine the project category to assess whether further risk evaluations are needed.
Based on the identified risk level, a full FMEA may be required. Most capital projects must undergo an FMEA.
After PO reception:
Once the purchase order (PO) is received and the project is released, the Project Manager (PM) must conduct their own Risk Assessment.
This is not a duplication of effort but a necessary step, as the S&Q Risk Check is less detailed than the Project Execution Risk Assessment. The PM must verify that the risk level remains unchanged.
It is common for changes to occur between the initial quote and the receipt of the PO. Adjustments to the scope may have been made, and in many cases, the Risk Check is not updated by Sales.
Based on the assessment, a deeper Risk Evaluation may or may not be required to ensure all potential risks are addressed.
During Project Execution:
Ensure continuous tracking of identified risks and their defined mitigation measures.
There are several effective methods to achieve this, which I cover in detail in the Project Management Risk Training.
At Project Closing:
Risk mitigation continues until the project is officially closed.
This means all items on the Snag List or +/- List must be resolved, and the warranty period must have expired.
Risk Categories
It is crucial to clearly define risk levels for the projects you manage. One effective approach is to categorize projects based on their risk profile.
Our team has implemented the A, B, C, and D category risk level approach, where each category has clearly defined specifications and triggers a clear project classification.
You are free to structure your categories in a way that best suits your needs - we simply prefer the ABCD method. The "Project Risk Management Toolbox" includes a chart and examples of these risk categories for reference.
HIGH RISK PROJECT!
This are the highest Risk Project that you have in your pipeline.
Typically, these are Turnkey Projects with several third-party suppliers to manage and high liabilities.
There is a clear explanation and example in the Risk Toolbox available in the shop.
Medium Risk Project:
These projects typically have an aspect like new technology but limited third party and liabilities.
Low Risk Projects:
Rather smaller projects, nothing special or little systems in our case.
D Projects:
Are SMB projects or engineering studies. Orders for equipment installation would qualify as well.
With the exeption of the SMB project, these are quoted best as possible and billed hourly. Any deviation is charged separately. Low risk!
SQ and PE Risk Flow Chart Examples:
Below model Risk Charts are a good base to start your Risk Assessment Process implementation. The one on the left starts at the Sales and Quoation stage where the opportunity is initially identified. The opportunity must go through an Risk assessment for different reasons.
On the right side is the Project Execution Risk check that either confirms or adjusts the Risk category.
SQ Risk Flowchart
Project Execution
Risk Flowchart
Risk Flowchart
Remember, it is the responsibility of the Project Manager to prepare a Risk Mitigation Plan and to constantly monitor development!